gAtO interview - Botnets in Tor - sI - Si

gAtO jUsT – finished an interview with Bill Donato from BotRevolt.com. I wanted to post this because these were good questions. My answers were a little lOcO gAtO, but I tried anyway. Here is the interview; at the bottom I included a conversation about a Tor-controlled botnet I found on HackBB in onion land. All I can tell you is the code and how-to are out there – gAtO oUt

LinkedIn: Mr Bill Donato has sent you a message.

Date: 7/26/2012

Subject: RE: Bot Revolt Blog

Hi Richard,
Here are 5 general questions we think our readers would find interesting. We greatly appreciate your feedback!

First, thank you Bill for this opportunity. I have 35 years in IT, and a little security goes with the territory, but I’m no expert. I’m retired, so I have the freedom to say what I want, and I have chosen to support Freedom of Speech in cyberspace. You can find my rants and rages about security at http://uscyberlabs.com/blog. I go by @gAtOmAlO2 on Twitter, after my lionhearted cat named “gato”. My 2 cents: “be a critical reader, thinker and cyber user”. Trust but verify.

• We see a lot of cybercrime targeted at large companies, but how vulnerable is the average consumer in today’s cyber environment?

In today’s economic climate cyber criminals see mass unemployment and use that to recruit shipping mules and money mules. Financial desperation and greed are a driving force in recruitment, and the FBI is well aware of this; a good money mule is hard to find and trust. Also, infection points for zombie computers to do the dirty work go up and up with every new exploit. Last, people don’t know how much information they leak out. With metadata just from the pictures on Facebook a criminal can glean lots of information from the average Facebook update.

So to answer your question: yes, the average consumer needs to be very careful and have common sense. That lost uncle from Nigeria did not leave you a billion dollars, trust me on this one.

• At the current level of cybercrime’s growth, if it is possible how long before the internet crashes?

Cyber crime is growing, but CISPA is not the answer. PII (Personally Identifiable Information) that the government says it will not gather, just your shopping and search cyber habits, nothing identifiable until you type in the wrong keyword, then you’re monitored. Then your footsteps in cyberspace will be monitored a bit more closely. The judicial system now added the cyber forensic psychologist that can produce “minority reports” – remember the movie, the thought police… That’s scary.

Where were you last Tuesday @ 9:37 PM… they know; we are being monitored by the good guys in today’s Internet. It’s normal to update my Facebook page or my LinkedIn profile, leaking data with the metadata from our pictures of our visit to the new office overseas. That can give criminals information for APT attacks.

As to the Internet crashing, I think it’s just beginning. We have criminals after our data, government after our habits, and we have ourselves leaking information for everyone to know about me, me, me…. But it’s not crashing —> we have too many me..me..me..

• Cyber warfare is a hot topic; how will a cyber-war affect the country’s average citizen?

Have you ever watched your daughter lose her cell phone 5 times in one year? 5 times, not one backup. The effects of a cyber kinetic event in the US will happen. I see open SCADA systems in the wild with no protection. Try and report this information; that’s a joke and impossible. So many misconfigured SCADA systems all running Windows OS, with no patch updates or management, so they become more vulnerable every day that they don’t upgrade.

Oh, make that a tested update, because we (admin types) all stayed up late at night uninstalling an upgrade for Windows OS that made the payroll system (Oracle) not work, so NO paychecks….

In other words it will happen because we have a pretty bad security system built into these devices and they are too expensive to replace; it’s worth the risk from a financial side, so companies look at ROI (return on investment)… they did the cost analysis of an attack; they know they will get hacked… Power grid, yeah baby, and we have no backup — but we still come back… the average citizen has to ride it out; we have no choice in warfare.

• You talk on your website, uscyberlabs.com, about the rise of botnets running on the Tor .onion network. Is the Tor network a threat to people who do not access it? If so, how do users protect themselves?

Botnets in Tor, oh yeah! I’m doing some research into botnets in the Tor black market and it’s alive and kicking. The Tor hidden service and C&C servers go hand in hand. You can’t find it, and it can’t be found. We also have i2p as an up-and-coming secure anonymized network, so expect more and more from this area.

I included a post from the HackBB website in the onion network; this discussion is about “Tor-Controlled Botnets”. I included the code, so in Tor there is talk from the hacker world, with how-to guides to Tor & botnets, and it has a current timestamp.

It’s not just the code, it’s also the infrastructure design.

Go to Tor HackBB [1] — http://clsvtzwzdgzkjda7.onion/

• On your blog titled “Online Security Basic -should I use encryption” you give some great information. What encryption programs, methods or tips do you recommend for some of the less computer-savvy users?

Well, first of all, here [below] is my public key if you want to send me a message. I use FileVault and encrypt my hard drive, but I forgot my password – that’s my story and I’m sticking to it..;) I use GnuPG. Since I’m not doing skunk work, and I’m not a spy, I try to go with open-source type programs; yes, they are a little harder to learn, but I feel safer with the open aspect of it. In security we have a motto – trust but verify – I can verify these open source programs.

One thing the average user needs to do is make their privacy a key part of their cyber life. When you start down the security rabbit hole it’s an active step in your cyber lifestyle.

Privacy is a personal thing: when I’m looking for Preparation H I don’t want Google, Yahoo or Amazon to know about this medical problem; it’s kinda personal, private. But when I’m trolling on Huffington Post it’s another world.

[1] Conversation online on the HackBB website about Tor botnets

[1] Tor-controlled botnet

Re: Tor-controlled botnet

by BotCoder » Fri May 18, 2012 5:50 pm

Good news! I compiled Tor from source and there is no GUI or tray icon if you skip the installer step.

Here is the info to compile from source (you can skip the installer part and build a silent one yourself):

CODE

##
## Instructions for building Tor with MinGW (http://www.mingw.org/)
##

Stage One:  Download and Install MinGW.
---------------------------------------
Download mingw:
http://prdownloads.sf.net/mingw/MinGW-5.1.6.exe?download

Download msys:
http://prdownloads.sf.net/ming/MSYS-1.0.11.exe?download

Download msysDTK:
http://sourceforge.net/projects/mingw/files/MSYS%20Supplementary%20Tools/msysDTK-1.0.1/msysDTK-1.0.1.exe/download

Install MinGW, msysDTK, and MSYS in that order.

Make sure your PATH includes C:\MinGW\bin.  You can verify this by right
clicking on "My Computer", choose "Properties", choose "Advanced",
choose "Environment Variables", select PATH.

Start MSYS(rxvt).

Create a directory called "tor-mingw".

Stage Two:  Download, extract, compile openssl
----------------------------------------------
Download openssl:
http://www.openssl.org/source/openssl-0.9.8l.tar.gz

Extract openssl:
Copy the openssl tarball into the "tor-mingw" directory.
Type "cd tor-mingw/"
Type "tar zxf openssl-0.9.8l.tar.gz"
(Note:  There are many symlink errors because Windows doesn't support
symlinks.  You can ignore these errors.)

Make openssl libraries:
Type "cd tor-mingw/openssl-0.9.8l/"
Type "./Configure -no-idea -no-rc5 -no-mdc2 mingw"
Edit Makefile and remove the "test:" and "tests:" sections.
Type "rm -rf ./test"
Type "cd crypto/"
Type "find ./ -name "*.h" -exec cp {} ../include/openssl/ \;"
Type "cd ../ssl/"
Type "find ./ -name "*.h" -exec cp {} ../include/openssl/ \;"
Type "cd .."
Type "cp *.h include/openssl/"
Type "find ./fips -type f -name "*.h" -exec cp {} include/openssl/ \;"
# The next steps can take up to 30 minutes to complete.
Type "make"
Type "make install"

Stage Three:  Download, extract, compile zlib
---------------------------------------------
Download zlib source:
http://www.zlib.net/zlib-1.2.3.tar.gz

Extract zlib:
Copy the zlib tarball into the "tor-mingw" directory
Type "cd tor-mingw/"
Type "tar zxf zlib-1.2.3.tar.gz"

CHOICE:

Make zlib.a:
Type "cd tor-mingw/zlib-1.2.3/"
Type "./configure"
Type "make"
Type "make install"

Done.

Stage Four: Download, extract, and compile libevent
---------------------------------------------------
Download the latest libevent release:
http://www.monkey.org/~provos/libevent/

Copy the libevent tarball into the "tor-mingw" directory.
Type "cd tor-mingw"
Extract libevent.

Type "./configure --enable-static --disable-shared"
Type "make"
Type "make install"

Stage Five:  Build Tor
----------------------
Download the current Tor alpha release source code from https://torproject.org/download.html.
Copy the Tor tarball into the "tor-mingw" directory.
Extract Tor:
Type "tar zxf latest-tor-alpha.tar.gz"
cd tor-<version>
Type "./configure"
Type "make"

You now have a tor.exe in src/or/.  This is Tor.
You now have a tor-resolve.exe in src/tools/.

Stage Six:  Build the installer
-------------------------------
Install the latest NSIS:
http://nsis.sourceforge.net/Download

Run the package script in contrib:
From the Tor build directory above, run:
"./contrib/package_nsis-mingw.sh"

The resulting Tor installer executable is in ./win_tmp/.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

gAtOmAlO Public Key-

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG/MacGPG2 v2.0.17 (Darwin)

Comment: GPGTools – http://gpgtools.org

-----END PGP PUBLIC KEY BLOCK-----